Problem with assigning multiple VLAN on Dumb AP/Switch (23.05)

Hi, I'm having difficulty setting up a Dumb AP (acting as WAP and switch) with multiple VLANs. The Dumb AP is connected to the OpenWrt router via a trunk port.

The WAP has a WAN connection and is working fine.
The problem is:
Although a PC on a LAN port is issued an IP address by the router's DHCP server, it cannot connect to the WAN.
Am I missing a setting?

The Setup
Dumb AP (192.168.1.10)
DNSmasq disabled
Firewall disabled
ODHCPD disabled

Interface
ADMIN (unmanaged)
HOME (unmanaged)
LAN (Static address)

Main Openwrt Router (192.168.1.1) trunk to Dumb AP via Eth1 port
LAN1 - VLAN10/ADMIN for Admin PC
LAN2 - VLAN20/HOME for Home PC
LAN3&4 - VLAN99/LAN (for LAN PC, Router& AP VLAN)
2.4&5g WAP is on VLAN20/HOME

my Settings

ubus call system board

        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "ASUS TUF-AX4200",
        "board_name": "asus,tuf-ax4200",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "mediatek/filogic",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}

/etc/config/network

# /etc/config/network on the dumb AP (192.168.1.10).
# Per the post, firewall, dnsmasq and odhcpd are disabled on this device, so
# it only bridges VLANs between its ports and the trunk; any filtering
# between the VLANs has to be done on the main router.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9a:2c07:1739::/48'

# One VLAN-aware bridge holding eth1 (the trunk to the main router, per the
# post) and the four LAN ports. VLAN membership is assigned per port by the
# bridge-vlan sections further down.
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option bridge_empty '1'
        option ipv6 '0'

# The device sections for lan1-lan4 (and eth1 below) carry only a name; no
# per-port override such as a MAC address is set in this listing.
# NOTE(review): the poster's closing message reports that explicitly setting
# the MAC address on br-lan, eth1 and lan1-lan4 made the setup work.
config device
        option name 'lan1'

config device
        option name 'lan2'

config device
        option name 'lan3'

config device
        option name 'lan4'

# The AP's only addressed interface: its static management address sits on
# VLAN 99 (br-lan.99), with the main router as gateway and DNS server.
config interface 'lan'
        option device 'br-lan.99'
        option proto 'static'
        option ipaddr '192.168.1.10'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

config device
        option name 'eth1'

# VLAN 10 (ADMIN): tagged on the trunk (eth1:t); lan1 is an untagged access
# port and '*' makes VLAN 10 its PVID.
config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth1:t'
        list ports 'lan1:u*'

# VLAN 20 (HOME): tagged on the trunk; lan2 is the untagged access port.
config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'eth1:t'
        list ports 'lan2:u*'

# ADMIN and HOME use proto 'none' (unmanaged): the AP is given no IPv4
# address on VLAN 10 or VLAN 20 and merely passes their traffic to the trunk.
# NOTE(review): because the AP's firewall is disabled, confirm that no
# address (including an IPv6 link-local one) ends up on br-lan.10 or
# br-lan.20; otherwise the AP's own services would be reachable from those
# VLANs without any filtering.
config interface 'ADMIN'
        option proto 'none'
        option device 'br-lan.10'
        option force_link '1'

# NOTE(review): 'list dns' on an interface with proto 'none' presumably has
# no effect; looks like a leftover - confirm.
config interface 'HOME'
        option proto 'none'
        option device 'br-lan.20'
        option force_link '1'
        list dns '192.168.1.1'

# VLAN 99 (LAN): tagged on the trunk; lan3 and lan4 are untagged access
# ports. This is the same VLAN that carries the AP's management address
# (interface 'lan' above), so PCs on lan3/lan4 share a layer-2 segment with
# the AP's management interface.
config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'eth1:t'
        list ports 'lan3:u*'
        list ports 'lan4:u*'

/etc/config/wireless

/etc/config/wireless
# /etc/config/wireless on the dumb AP: one radio per band, each serving the
# same SSID attached to the HOME network.
# 2.4 GHz radio. The country value '--' appears to have been redacted by the
# poster.
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option htmode 'HE20'
        option country '--'
        option cell_density '0'
        option channel '1'
        option txpower '20'

# 2.4 GHz access point. 'network HOME' attaches the SSID to the HOME
# interface (br-lan.20 in the posted network config), so wireless clients
# land on VLAN 20; what they may reach beyond that VLAN is decided by the
# main router's firewall, since the AP's own firewall is disabled per the post.
# Encryption is WPA2-PSK ('psk2'); the key shown is a redaction placeholder.
# 802.11k and 802.11r are enabled; with ft_over_ds '0' fast transition runs
# over the air, and ft_psk_generate_local '1' derives the FT keys locally
# from the PSK.
# NOTE(review): no 'ieee80211w' option appears in this listing; consider
# enabling management frame protection if all clients support it.
config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'HOME'
        option mode 'ap'
        option ssid 'homeap'
        option encryption 'psk2'
        option key '----------'
        option ieee80211k '1'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

# 5 GHz radio; country is shown as '--' here as well.
config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option channel '100'
        option band '5g'
        option htmode 'HE80'
        option country '--'
        option cell_density '0'
        option txpower '24'

# 5 GHz access point: same SSID, network and WPA2-PSK / 802.11k/r settings
# as default_radio0; the key is again a redaction placeholder.
config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'HOME'
        option mode 'ap'
        option ssid 'homeap'
        option encryption 'psk2'
        option key '-------'
        option ieee80211k '1'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

Is the firewall on your main router allowing DHCP and DNS for main and admin firewall zones? An example for just admin follows.

# Example firewall sections for one restricted zone on the main router.
# Forwarding admin -> wan gives hosts in the zone Internet access.
config forwarding                               
        option src 'admin'                        
        option dest 'wan'                       

# input 'REJECT' blocks hosts in this zone from the router's own services;
# the two rules below re-open only what clients need from the router.
config zone                                     
        option name 'admin'                       
        option output 'ACCEPT'                  
        option forward 'REJECT'                   
        list network 'ADMIN'                      
        option input 'REJECT'                     
                                                
# DNS to the router: port 53 over both TCP and UDP.
config rule                                     
        option name 'Allow-admin-DNS'             
        option src 'admin'                        
        option dest_port '53'                   
        option target 'ACCEPT'                  
        list proto 'tcp'                        
        list proto 'udp'                        
                                                
# DHCP to the router: UDP ports 67-68.
config rule                                     
        option name 'Allow-admin-DHCP'            
        option src 'admin'                        
        option dest_port '67-68'                
        option target 'ACCEPT'                  
        list proto 'udp'                        

Hi Eginnc
Yes, they are. Everything is connected fine and in order at the OpenWrt router.
(clipped from the OpenWrt router) /etc/config/firewall

# Excerpt of /etc/config/firewall on the main router, as posted; the
# defaults section and the wan zone are not part of the clip.
# ADMINZone: input 'ACCEPT' lets every host on the ADMIN network reach all
# services running on the router itself.
config zone
        option name 'ADMINZone'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'ADMIN'

# Hosts in ADMINZone may be forwarded to wan (Internet access).
config forwarding
        option src 'ADMINZone'
        option dest 'wan'

# Accepts ports 53, 67 and 68 from the zone to the router (no 'dest' is set,
# so this is an input rule). No 'proto' option is given.
# NOTE(review): presumably the firewall's default protocol selection (tcp and
# udp) applies - confirm. While the zone's input policy is ACCEPT this rule
# changes nothing; it only becomes meaningful if input is tightened to REJECT.
config rule
        option name 'ADMIN DHCP DNS'
        option src 'ADMINZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

# HOMEZone: the posted AP config attaches both Wi-Fi SSIDs to HOME, so with
# input 'ACCEPT' every wireless client can reach all services on the router.
# NOTE(review): if HOME clients should not reach the router's management
# services, set input to 'REJECT' and rely on the DHCP/DNS rule below.
config zone
        option name 'HOMEZone'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'HOME'

config forwarding
        option src 'HOMEZone'
        option dest 'wan'

# Same shape as 'ADMIN DHCP DNS': redundant while HOMEZone input is ACCEPT.
config rule
        option name 'Home DHCP DNS'
        option src 'HOMEZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

# lan zone (VLAN 99 per the post): full access to the router, forwarding to
# wan only.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'lan'

# Only zone -> wan forwardings appear in this excerpt; none is shown between
# ADMINZone, HOMEZone and lan.
# NOTE(review): confirm against the full file and the defaults section that
# inter-VLAN traffic is handled as intended.
config forwarding
        option src 'lan'
        option dest 'wan'



Somehow, when I manually set the MAC address (according to the default) on the devices br-lan, eth1, lan1, lan2, lan3 and lan4, everything just worked.